1. Field of the Invention
The present invention relates generally to automated industrial processes. In more particular aspects, the present invention relates to managing risk for process control networks and systems in an industrial facility.
2. Description of the Related Art
The architecture of modern industrial operations, such as that found in modern oil and gas field applications is enabled at the field-level, process-level, and the system-level by various networked devices. These devices monitor and collect data, such as measurements, reflective of the operations of the automated process, such as, for example, pressure, temperature, pH, or flow. These devices are connected to or in communication with machines known as controllers that operate at different levels to process the data collected and issue commands back to, or to other, networked devices.
In a typical configuration, these components form Plant Networks and Systems (PN&S). Also in the typical configuration, the control system portion of the PN&S includes but is not limited to, Distributed Control Systems, Supervisory Control Data Acquisition Systems, etc. These industrial networks and systems can be connected to multiple networks within the plant or other industrial process facility or through networks external to the facility. This makes such “industrial networks” extremely susceptible to both internal and external cyber attacks and other security threats. Such cyber attacks can result in, among other things, a “loss of view” and/or a “loss of control” of individual components or entire network or system structures. A loss of view occurs when the user/automated controller is unable to access a system, either partially or fully, and thus, has no view of the process operation. A loss of control occurs when the user/automated controller is unable to send and/or receive control messages to the process control system to invoke a function and or a procedure.
Cyber security measures applied to PN&S have generally taken the form of those applied to Information Technology (IT) systems, and thus, have been relatively ineffective. As recognized by the inventors, some of the reasons for the ineffectiveness include the reality that PN&S is focused on machine and production and IT systems focus on people communication; that PN&S supports industrial applications that manage instruments, controllers, and process machines as compared to commutation between people or computers managed by IT systems; and that in PN&S, the end user is normally a computing instrument or device having a high level of vulnerability whereas in IT systems, the end user is normally a human. The inventors have also recognized that PN&S supports parallel systems and networks running concurrently; and that PN&S employs layered systems and networks which require an in depth analysis well beyond that capable of security measures developed for IT systems. The inventors have additionally recognized that “availability,” “integrity,” and “confidentiality,” are the priority order for PN&S as compared to “confidentiality,” “integrity,” and “availability,” for IT systems; and as such, the focus of both security and risk can be vastly different. Further, security standards for PN&S need to primarily address process control and instrument systems as compare to those for IT systems which generally support communication. The inventors have further recognized that “loss of control” and “loss of view” can be essential in PN&S as compared to IT systems, and thus, security policies must be different for system, instrument and controller than that of an IT computer or end user communication device to satisfy the unique security requirements of PN&S. Still further, risk criteria and risk level can be significantly different for PN&S over that of IT systems as a loss of view or control can result in injury to plant personnel and/or environmental release, among others, which would not be expected to be a factor in a pure IT system.
Risk level to industrial systems is generally conventionally quantified via a manual process and/or with relatively limited automated assistance. Such conventional forms of the assessment process can not only be extremely time-consuming and labor-intensive, but can be excessively prone to error due, for example, due to the lack of available data required to measure the risk level, threat and vulnerability likelihood, etc. Also, the consequences of a certain threat is difficult to quantify. In addition, the manual process is highly dependent on skilled analysts and their level of expertise, making the manual process not only excessively costly (monetarily), but also extremely subjective. Hence, such manual estimation of risk, vulnerability, etc., associated threat and associated consequences are highly susceptible to inconsistencies. This can be especially true across different systems and plants within a company or industry as the risk facing such different systems/entities can be vastly different.
Accordingly, the inventors have recognized the need for systems, program product, and methods which automate the complete risk assessment workflow process for PN&S. Particularly, recognized by the inventors is the need for automated systems, program product, and methods which can identify primary networked assets and their vulnerabilities, determine the effect of known threats on such vulnerabilities, determine the various costs associated with exploitation of such vulnerabilities by the known threats, determine the likelihood of occurrence, determine or assign a risk level/rating of such occurrence, provide recommended actions to reduce the risk level/rating, and facilitate execution of a mitigation plan for each identified vulnerability with respect to one or more of the known threats. Also recognized by the inventors is the need for automated systems, program product, and methods which can provide “templates” defined, for example, in different system modules, for the end user to enter all of the relevant variables, which can correlate networks and systems scanning outcomes to gathered data and templates, and which can exchange the templates between different system modules as necessary to achieve the overall objective, to thereby reduce the dependency and/or need for specialized professionals to support data mining, mapping and reporting and other such complex exercises as defined by the risk assessment process.